Login issues due to Content Security Policy rules when using Nginx Proxy

[martirale]

Support guidelines

• I've read the support guidelines

I've found a bug and checked that ...

• ... the documentation does not mention anything about my problem
• ... there are no open or closed issues that are related to my problem
• ... it's definitely a Firefly III issue, not me

Description

Hello, I'm not sure if it's a Firefly III problem or mine, since I'm experiencing this problem when using Nginx Proxy Manager for my Firefly III installation. Having said that, I continue.

For context, install Firefly III in a Docker container running on a Proxmox server. While I use the local IP to access Firefly III the login issue works fine, without any problems. However, when I use the sub-domain (configured with Nginx Proxy Manager) that points to that IP, login time does not work.

I checked in the browser's development console and the error they show is that there is a violation of the Content Security Policy (CSP) rules because the sub-domain of Nginx Proxy Manager accesses it from HTTPS but the destination page is embedded in Firefly III header is HTTP and the apparent solution I found is that I need to add a header with my rules (header like this):

add_header Content-Security-Policy "default-src 'self';";

I don't know where the header should go or if there is any other way to fix it.

Debug information

Expected behaviour

Find a way to add the header with the CSP rules and be able to log in normally or another solution that can more practically solve the issue.

Steps to reproduce

1. Install Nginx Proxy Manager, link it with a real domain.
2. Establish a sub-domain with Nginix Proxy Manager that points to the local IP where Firefly III is hosted.
3. Try to log in.

Additional info

Another service experiencing issues with Ngnix Proxy Manager is Home Assistant (not the same type of issue) and this is fixed by adding the following code to the configuration file:

http: use_x_forwarded_for: true trusted_proxies: - My Nginx Proxy Manager IP

I don't know if something similar will exist in Firefly III.

[victorbalssa]

Hey @martirale,

You need to set this env variable:

# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
# Set it to ** and reverse proxies work just fine.
TRUSTED_PROXIES=**

[martirale]

I tested the solution and it works perfectly. Thank you so much!